On Fri, 09 Jan 2004 07:55:54 -0600, you wrote:
>
>>Is 0/0 valid in a table? No error is generated, but traffic isn't passed
>>as expected.
>>table <some> const { 0/0, !X.X.X.X/32, !X.X.X.X/32 }
>>pass in log quick on $ext_if inet proto tcp from <some> to any port www
>>flags S/FSRA synproxy state
>
>Yes, 0/0 should match every IP address. This rule should pass in
>everything, it is the same as doing a pass in all.
>
It should; unfortunately, it doesn't in practice. It's not quite the same as pass
in all given the excluded IP addresses.

>>While this is passed as expected.
>>
>>table <some> const { 0/1, 128/1, !X.X.X.X/32, !X.X.X.X/32 }
>>pass in log quick on $ext_if inet proto tcp from <some> to any port www
>>flags S/FSRA synproxy state
>
>0/1 should match only those addresses where the high order bit in the address
>is 0 (0-127.0.0.0). Your second IP (128/1) completes the range so
>everything from 0-255.0.0.0 should be let in, which is what you want
>apparently.
>
>Why not just use a pass in all rule?
>
Because the point wasn't to replicate the pass in all rule. As I mentioned above,
it's not quite the same as pass in all given the excluded IP addresses.
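
The table semantics discussed in this thread, as an added example that is not part of the original message or of pf itself: a small Python model of the documented lookup rule (the most specific entry containing the address decides, and a negated entry means no match), used to check that the two table definitions are meant to be equivalent. The function names and the two excluded hosts (documentation addresses standing in for the redacted X.X.X.X entries) are assumptions, and the model does not reproduce the 0/0 behaviour reported above.

```python
import ipaddress

def parse_entry(entry):
    """Parse one pf-style table entry into (network, negated)."""
    negated = entry.startswith("!")
    addr, _, plen = entry.lstrip("!").partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # pf shorthand: "128/1" -> 128.0.0.0/1
    net = ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)
    return net, negated

def table_matches(entries, ip):
    """True if ip matches the table: the longest matching prefix decides."""
    ip = ipaddress.ip_address(ip)
    best = None
    for net, negated in map(parse_entry, entries):
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, negated)
    # No entry at all, or the closest entry is negated: the table does not match.
    return best is not None and not best[1]

# Constructed stand-ins for the redacted X.X.X.X hosts (assumption, not from the thread).
EXCLUDED = ["!192.0.2.10/32", "!198.51.100.20/32"]
TABLE_A = ["0/0"] + EXCLUDED            # first table in the thread
TABLE_B = ["0/1", "128/1"] + EXCLUDED   # second table in the thread

def compare(probes):
    """Return (address, match in TABLE_A, match in TABLE_B) for each probe."""
    return [(p, table_matches(TABLE_A, p), table_matches(TABLE_B, p)) for p in probes]

if __name__ == "__main__":
    probes = ["10.1.2.3", "127.255.255.255", "128.0.0.0",
              "192.0.2.10", "198.51.100.20", "203.0.113.7"]
    for addr, a, b in compare(probes):
        flag = "" if a == b else "  <-- tables disagree"
        print(f"{addr:<16} 0/0 table: {a!s:<5} 0/1+128/1 table: {b!s:<5}{flag}")
```

The same probe addresses can be checked against the loaded table on the firewall with `pfctl -t some -T test <address>`; any address where the live result differs from the model points at the lookup rather than at the rule.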